Earlier this week, the International Criminal Police Organization (INTERPOL) and the African Union Mechanism for Police Cooperation (AFRIPOL) announced that the organizations have identified and arrested members of cybercrime groups operating across Africa. These individuals specialize in ransomware, digital extortion, online scams, and business email compromise (BEC) attacks.

INTERPOL and AFRIPOL activities related to this effort, called Operation Serengeti, were supported by numerous partners, including Fortinet, and research from the Cybercrime Atlas.

The Cybercrime Atlas is a collaboration initiated by the World Economic Forum’s Partnership Against Cybercrime, in which cybercrime experts use open-source research to map cybercriminal activities and identify joint public and private sector responses to cybercrime. Fortinet is a launch partner of the Cybercrime Atlas, which has been in operation for a year.

Separately, Fortinet, a longtime INTERPOL partner, was named a private contributing partner in Operation Serengeti for playing a vital role in sharing intelligence, supporting analysis, and disrupting criminal activities.

Takedown Operation Nets Over 1,000 Suspects

As a result of Operation Serengeti, authorities across 19 participating countries arrested 1,006 suspects and dismantled nearly 135,000 malicious infrastructures and networks.

The arrests follow months of international police collaboration, acting on information initially shared by partners, including the Cybercrime Atlas. This most recent effort identified and monitored these threat actors, leading to the arrests.

Information provided by participating countries of ongoing cases with INTERPOL fed into 65 cyber analytical reports to ensure actions on the ground were intelligence-led and focused on the most significant actors. Seven private sector partners also played a vital role by sharing intelligence, supporting analysis, and disrupting criminal activities. These partners provided on-site support and offered around-the-clock remote assistance to patch vulnerabilities and secure critical infrastructure for the participating member countries.

Operation Serengeti disrupted:

• Online credit card fraud operations run out of Kenya, which resulted in a collective total of $8.6 million in losses for victims
• A Ponzi scheme in Senegal impacting nearly 1,800 victims
• Investment scams in Nigeria, which reportedly netted the malicious actor more than $300,000
• A virtual casino run by an international cybercriminal group in Angola primarily targeting Brazilian and Nigerian gamblers, which defrauded hundreds of individuals through its platform
• A multi-level marketing scam that involved trafficking victims from seven different countries to Cameroon, where they were promised employment and training opportunities but then held captive and obliged to lure others into the scheme to gain their freedom

These cybercrime operations resulted in a combined monetary loss of almost $193 million among numerous victims.

The Role of Cybercrime Atlas in Disrupting Adversary Operations

The Cybercrime Atlas, which became operational earlier this year, was created to drive real impact and a coordinated effort to create a chain of disruption in the world of cybercrime. It will enable the entire cybersecurity community to become more resilient and effective at stopping cybercrime on a global scale.

The Cybercrime Atlas comprises experts using open-source research to map cybercriminal activities and identify joint public and private sector responses to cybercrime. The group’s members currently include more than 20 law enforcement agencies, private-sector security companies, and incident responders, non-governmental organizations, financial institutions, and academic partners. In its first year of operation, Cybercrime Atlas contributors shared more than 10,000 community-vetted and actionable data points and supported two cross-border cybercrime disruption efforts. They created seven comprehensive intelligence packages on emerging threats that were shared with law enforcement so that this actionable data could be operationalized. These intelligence packages created by Cybercrime Atlas contributed directly to the success of Operation Serengeti.

Fortinet’s Role in Disrupting Adversary Operations

Fortinet has been a trusted partner to INTERPOL since 2015, and officially became an INTERPOL Gateway partner in 2018. This ongoing collaboration has resulted in greater threat intelligence standards and protocols implemented across the industry and impactful global cybercriminal takedowns and disrupting criminal activities.

In 2022, FortiGuard Labs provided evidentiary support to INTERPOL and African Member countries as part of the Africa Cyber Surge Operation (ASCO) to help detect, investigate, and disrupt cybercrime through coordinated law enforcement activities, utilizing INTERPOL platforms, tools, and channels in close cooperation with AFRIPOL. As a part of that effort, FortiGuard Labs provided actionable threat intelligence over six months, consisting of botnet, command and control (C2), and malware infrastructure research, including C2, malware, and botnet victims in Africa. This enabled member countries to identify more than 1,000 malicious IP addresses, dark web markets, and individual threat actors.

Public-Private Collaboration Is Vital to Fighting Cybercrime

Turning the tide against cybercrime requires a culture of collaboration, transparency, and accountability on a larger scale. No single organization can effectively halt cybercrime alone. These arrests are a strong example of how public-private partnerships can impact the disruption of large-scale cybercrime activities, leading to a safer, more resilient society.

Every organization has a place in the chain of disruption against cyberthreats. Creating ongoing collaboration opportunities with high-profile, well-respected organizations from both the public and private sectors is a fundamental aspect of Fortinet’s commitment to enhancing cyber resilience around the globe. By working together, we can make meaningful progress in disrupting adversary operations.